A hat for each hacker: color differentiation of hacker hats

Father
If you believe the character from the film by master director George Danelia, hackers have a goal, and they are definitely not in danger of extinction in the near future. Only the object of hacker differentiation is traditionally not pants, but hats.

Initially, hackers were only allowed two types of headwear: black (Black hat hackers) for criminal and white (White hat hackers) for ethical ones. However, over time, the hacker wardrobe has become much wider. Now cybercriminals can also try on gray, red, blue, green and even purple hats. This set is updated almost as often as the product range in clothing stores.

How many hats can a modern hacker wear? The updated classification is discussed in the article.

Black hat or black hats

This category rightfully bears the title of "the most dangerous hackers". Black hats actually break into computer systems for profit and/or with other criminal intent.

These are experienced hackers who have all the necessary skills to cause serious damage to a well-known person, company, or even the government of a country. In the arsenal of criminal hackers:
  • phishing;
  • malicious software;
  • DDoS attacks;
  • financial fraud and other methods.

Black hats are usually the most famous hackers. Their crimes are reported in the media, law enforcement agencies in various countries put them on wanted lists, and their trials attract increased attention. Representatives of this category are often given unofficial titles like "hacker legend". In the summer of 2023, this was the name given in obituaries to Kevin Mitnick, who was convicted and served several prison sentences for hacking-related crimes. That didn't stop him from later moving to the next category.

White hat or white hats

Like people in white coats, hackers in white hats are entirely positive characters. They don't do anything illegal. The hacking activity of this group is aimed at finding vulnerabilities in networks and systems, but not for the purpose of obtaining profit. They report the problem to the company so that it can fix it, and the hacker receives a reward for this.

In Russian, white hats are known as "white hackers" or "ethical hackers". Their services are actively used by companies around the world that announce bug bounty programs, which pay rewards for finding vulnerabilities. For example, over the course of Apple's program, ethical hackers helped the company find 130 critical vulnerabilities, and GitHub paid vulnerability seekers $1.5 million in 2022. In August 2023, Yandex announced an increase in the maximum possible reward for ethical hackers to 2.8 million rubles.

In Russia, the situation for white hats is not so simple. Officially, their activity is still illegal. Recently, the Ministry of Digital Resources considered legalizing ethical hackers, which would allow them to avoid the risk of criminal prosecution. In the meantime, from the point of view of Russian legislation, it does not matter at all why a hacker broke into a system. This, however, does not prevent the Ministry of Digital Development itself from expanding its bug bounty programs.

Grey hat or grey hats

If hackers in black hats are the villains and those in white hats are the heroes, then who is wearing the gray ones? This is the name for those who hack networks and systems "out of interest". Such hackers do not share the motivation of their criminal colleagues: they do not plan to receive a ransom for stolen information or cause real damage to the company. However, they are also not going to help the company fix the vulnerabilities they found.

It would be a mistake to think that gray hats aren't dangerous hackers. They are motivated by interest, and so they usually have all the necessary technical skills at a decent level. And if a gray hat wants to show off his exploits in the hacker community, he can point criminal hackers toward new schemes and targets.

The gray hat is clearly worn by hacker Khalil Shreateh, who in 2013 hacked Mark Zuckerberg's Facebook account (the social network is blocked in Russia). After hacking, he simply left a message on the wall about the vulnerability he discovered.

Konstantin Larin
Head of the Cyber Intelligence Department at Bastion LLC

The most basic risk that this group of persons carries is unintentionally (less often intentionally) causing economic and reputational damage. Here's an example: hacker A, who found a critical vulnerability in a major international hotel booking system, contacts the company's security team. He does not receive a response from the company's employees for a month for various reasons (they overlooked the letter, did not attach importance to it, etc.). After that, the enthusiast simply posts data about this vulnerability online, for example, on his account on the social network X (formerly Twitter, blocked in the Russian Federation). Then someone with more selfish intentions develops an exploit for this vulnerability that dumps the entire customer base of this company, gains a foothold inside the network and safely sells the whole thing on thematic forums and resources on the darknet. In the end, due to the activities of the "gray hat", the company suffers huge economic and reputational losses, which it will struggle with for a long time.

Red hat or red hats

These are professional hackers or hacktivists whose main motivation is to resist criminal hackers. However, they decide for themselves which techniques they will use in this eternal battle. Often this is the same malware that black hats use, turned against the devices of their opponents. To determine a particular hacker's type accurately, you are tempted to simply ask them to put on a hat.

Red hats can be brought in by government agencies responsible for information security in different countries. But this is not a mandatory condition. Red hats can also act completely independently, wanting to protect the world from the threat posed by black hats.

The color of these hackers' hats is sometimes associated with the flag of the Roman Empire, or with the scarlet revolutionary banner used by the Bolsheviks during the October Revolution. More likely, though, it's just a legend that points to the bravery and intransigence of these fighters on the hacker front.

An example of red hats is the Anonymous group, whose members are often called "digital Robin Hoods", although some are inclined toward the less flattering definition of "digital terrorists". True, Anonymous is opposed not so much to black hats as to censorship on the Internet. To this end, the group has repeatedly hacked the websites and systems of governments and other state structures in different countries. The movement's popularity is so high that it has recognizable symbols in different countries. One of them is the hacker mask, which is now used in many thematic photos.

Blue hat or blue hats

This type of hacker is used by companies before the release of new software. Blue hats test a new product and look for vulnerabilities so that the developer can fix them before launch.

Microsoft, which holds its BlueHat conferences annually, regularly cooperates with blue hats. The company also creates a podcast for those who want to take part in testing its software.

The above hat colors are not always attributed to a specific type of hacker. Black and gray hats are often mixed with red ones, and white hats can be quite difficult to distinguish from blue ones. For example, in various games and simulations dedicated to information security, traditionally the red team is the attacking side, and the blue team is the defense. A recent example of this division is the board game Guardians of the Grid.

Nina Shipkova
Head of the Innostage Cybersecurity Academy Department

If we talk about color marking, then in everyday life the entire group of attackers generates "red" traffic, and so in general deserves the name "red". In contrast, specialists who are engaged in operational security, are at the forefront of response and improve controls, are called "blue" teams. Such professionals, on the one hand, must know and understand the tools of attackers in order to detect them, and on the other, which is much more difficult, they must be able to maintain the continuous operation of business processes. Therefore, if you really need to introduce clear color identifiers, then you need to arrive at the same terminology of "red" and "blue" teams.

Green hat or green hats

The previous types covered professional hackers. Green hats, however, are novice hackers. Their skill level leaves much to be desired, but their desire to acquire skills immediately on real systems is overwhelming.

The editors of Cyber Media sincerely thank green hats for the uninterrupted supply of stories for the "News" section, but urge them to use only legal training methods. Representatives of this group regularly attack now a sugar factory, now the official portal of some regional administration. Attempts to gain valuable experience usually end with meetings with FSB officers. Some green hats even honestly explain their actions by the desire to learn more about computer attacks in order to protect Internet resources.

Purple hat or purple hats

This is a variety of green hat that was separated into its own type relatively recently. Purple hats are also beginners, who practice their skills by hacking some software on their own computer. In other words, a purple hat uses two devices: one as the object of hacking, and the other as the tool for carrying it out.

There are no examples for this category, because no one knows about the activities of purple hats. The other types are real hackers who, with varying frequency, turn up now in crime reports, now in the thank-you notes of various companies. But these workers of the invisible front are harmless and unseen. Until they acquire the necessary skills and decide where to apply them.

How many hats does a hacker have?


Sergey Polunin
Head of the Security Group for infrastructure IT solutions at Gazinformservis

I think that today the border between colors is very much blurred. A person can work as a pentester in a reputable company, engage in hacktivism on weekends, and hack competitors at night for money. Actually, as in other areas. We do not divide programmers into white, black and green, and meanwhile, developers can conduct a bunch of third-party projects in parallel with the main work.

The activities of a modern hacker are too complex to be classified into even seven categories. Probably, in the future, there will be more hats, and it will be even more difficult to determine which type a given hacker belongs to. In the meantime, they easily change hats, moving from one category to another or even combining several different directions.

Another option is also possible: the hat typology will completely lose its relevance due to the increasingly mixed nature of hackers' activities. In this case, you will have to determine their goals without relying on the color differentiation of pants, that is, hats.